SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   Infoprint Printers Vendors:   IBM
IBM Infoprint Printer Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1005485
SecurityTracker URL:  http://securitytracker.com/id/1005485
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 25 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A denial of service vulnerability was reported in IBM's Infoprint printers. A remote user can cause the printer to crash.

It is reported that a remote user can send "an excessive number of characters" to the printer's remote management telnet service to cause it to refuse to allow any further login sessions. Cycling the power to the device will reportedly restore login functionality.

According to the report, it may also be possible to crash the entire printer by sending a large amount of data (several kbytes) to the telnet port.

The vendor has reportedly been notified.

Impact:   A remote user can cause the printer or the printer's telnet management port to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect (Links to External Site)
Cause:   Boundary error, Exception handling error

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Fix is Available) Re: IBM Infoprint Printer Can Be Crashed By Remote Users
A fix is available.



 Source Message Contents

Subject:  IBM Infoprint Remote Management Simple DoS


Overview
========
IBM makes a series of TCP/IP enabled printers that come with remote
management features:

<http://www.printers.ibm.com/R5PSC.NSF/Web/wglaserselect>

One of these features is a Telnet-based remote management service, which
has a DoS vulnerability. The vulnerability discussed here was tested on an
IBM Infoprint 21 (older model), but is probably present in other printers
of the same product line.


Issue
=====
The Telnet-enabled remote management feature used in the printer does not
properly check user input, namely the login name. By connecting to port 23
and entering a login name consisting of an excessive number of characters
a DoS condition will occur, and the Telnet service will refuse to allow
further logins to the service. This is most likely due to a buffer
overflow vulnerability in the login handling code.

Power cycling the printer will restore functionality.


Impact
======
After the DoS condition has occurred, the Telnet service on the printer
will continue accepting connections but will no longer display a login
prompt. The connection will eventually time out. Other services are
unaffected. 

While testing with large input data I was able to bring the entire printer
down hard by sending enough data (several k) to port 23. The entire
network interface was down, and the physical control panel on the printer
was unresponsive. Printing was not possible. The only solution was to
power cycle the printer once or twice(!) to restore functionality.


Workaround
==========
There do not appear to be any firmware updates available for the specific
printer, nor any mention of these kind of issues on the vendors web site.
Best practices dictate that printers and other internal assets should be
only accessible from the internal network or through authenticated
connections.

It does not seem to be possible to disable the Telnet service without
disabling all TCP/IP functionality from the printer.


Vendor Status
=============
IBM was contacted on 2002-10-18. No acknowledgement of response of any
kind was received.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC